Age | Commit message | Author
---|---|---
2008-10-17 | in findeol(), do not skip the pushback buffer. fixes PR 5952 by sthen@ and should make the pushback buffer really transparent. diagnosis by me, fix with mpf, some input deraadt, ok mpf | Henning Brauer
2008-10-02 | implement "set state-defaults X", where X is a list of state options as permitted keep state(X). applies to all rules which do not have keep state explicitly. e.g. "set state-defaults pflow, no-sync" ok phessler deraadt | Henning Brauer
2008-09-10 | do not try to print $$ when it has not been set | Theo de Raadt
2008-09-09 | welcome pflow(4), a netflow v5 compatible flow export interface. flows export data gathered from pf states. initial implementation by Joerg Goltermann <jg@osn.de>, guidance and many changes by me. 'put it in' theo | Henning Brauer
2008-08-31 | avoid line wrap in usage() output; | Jason McIntyre
2008-08-12 | use correct byte order when printing state expiration minutes; ok henning@ | David Krause
2008-08-07 | correctly copy the log interface spec when expanding an antispoof rule that covers loopback addresses. ok ryan problem report from Harald Dunkel <harald.dunkel@aixigo.de> | Henning Brauer
2008-07-25 | don't redefine INFINITY -- math.h defines it now pointed out by, and ok david@, go ahead henning@ | Martynas Venckus
2008-07-24 | check sysctl return value From: Gleydson Soares <gsoares@gmail.com>, ryan ok | Henning Brauer
2008-07-03 | do not forget to initialize other member of $$ in qname; noted by mark shroyer ok henning | Theo de Raadt
2008-06-29 | Simplify state creation code; merge state import/export code between pfsync and the state-related pf(4) ioctls, and make functions in state creation and destruction paths more robust in error conditions. All values in struct pfsync_state now in network byte order, as with pfsync. testing by david ok henning, systat parts ok canacar | Ryan Thomas McBride
2008-06-21 | Fix "-T expire"; clear pfra_fback on addresses before sending them back to the kernel to be deleted. | Ryan Thomas McBride
2008-06-11 | remove an ugly article; | Jason McIntyre
2008-06-10 | Make counters on table addresses optional and disabled by default. Use the 'counters' table option in pf.conf if you actually need them. If enabled, memory is not allocated until packets match an address. This saves about 40% memory if counters are not being used, and paves the way for some more significant cleanups coming soon. ok henning mpf deraadt | Ryan Thomas McBride
2008-06-10 | save some space in the state by collapsing two 8 bit ints used as booleans into one 8 bit flags field. shrinks the state structure by 4 bytes on 32bit archs ryan ok | Henning Brauer
2008-06-10 | in verbose mode indicate which states are sloppy, ryan reyk theo | Henning Brauer
2008-06-10 | new state option "sloppy" to use the sloppy tcp state tracker instead of the good one. ok theo ryan reyk | Henning Brauer
2008-05-29 | Second half of PF state table rearrangement. - Mechanical change: Use arrays for state key pointers in pf_state, and addr/port in pf_state_key, to allow the use of indexes. - Fix NAT, pfsync, pfctl, and tcpdump to handle the new state structures. In struct pfsync_state, both state keys are included even when identical. - Also fix some bugs discovered in the existing code during testing. (in particular, "block return" for TCP packets was not returning an RST) ok henning beck deraadt tested by otto dlg beck laurent Special thanks to users Manuel Pata and Emilio Perea who did enough testing to actually find some bugs. | Ryan Thomas McBride
2008-05-27 | Fix count of states flushed, broken when the psnk_af hack was removed in pf_ioctl.c r1.196. | Ryan Thomas McBride
2008-05-16 | no need to quote the argument to .Nd, now that it's nice and short; | Jason McIntyre
2008-05-16 | There is not really a network address translation device. Remove it from the name section. OK mcbride, henning | Marco Pfatschbacher
2008-05-09 | Add support to kill states by rule label or state id. Fix printing of the state id in pfctl -ss -vv. Remove the psnk_af hack to return the number of killed states. OK markus, beck. "I like it" henning, deraadt. Manpage help from jmc. | Marco Pfatschbacher
2008-05-09 | Replace a crockpot of semi-cloned productions for handling port numbers with one, and fix a few other bugs along the way ok mpf henning | Theo de Raadt
2008-05-09 | convert port byte order in the production; add port keyword; ok deraadt@ | Markus Friedl
2008-05-09 | divert packets to local socket without modifying the ip header; makes transparent proxies much easier; ok beck@, feedback claudio@ | Markus Friedl
2008-05-08 | make "to any" optional in binat, or well, the implied default. requested by reyk, ok reyk mpf | Theo de Raadt
2008-05-08 | Loosen grammar to permit any number of newlines within most kinds of { } blocks, as requested by reyk; ok reyk mpf henning | Theo de Raadt
2008-05-08 | Bring back (in a more yacc friendly way) support for setting variables to a sequence of strings and numbers, which get folded together into one string (and later, when used, is re-lexed) ok mpf | Theo de Raadt
2008-05-07 | do not assume PF_INOUT is 0 in the enum; ok mcbride | Theo de Raadt
2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl
2008-05-07 | allow setting TOS with scrub; ok mcbride, claudio | Markus Friedl
2008-05-06 | Document new state creation counter for pfctl -s labels | Marco Pfatschbacher
2008-05-06 | Add a counter to record how many states have been created by a rule. It shows up in pfctl verbose mode and in the 7th field of the labels output. Also remove the label printing for scrub rules, as they do not support labels. OK dhartmei@ (on an earlier version), henning@, mcbride@ | Marco Pfatschbacher
2008-04-21 | optnl is a crutch for those who do not understand yacc. it leads to a variety of errors; ok mcbride | Theo de Raadt
2008-02-13 | Use HW_PHYSMEM64. ok henning@ | Mark Kettenis
2008-02-01 | Enable the rest of the filter_opts to be used on anchors. These were accepted by the parser but not passed to the kernel. This allows filtering based on uid, gid, icmp options, tcp flags, os fingerprint, tos, tags, and probability; It also allows the label to be set. State options and tagging are not permitted. ok henning mpf | Ryan Thomas McBride
2008-01-26 | Create the automatic tables at the base of the anchor stack rather than in the inline anchor. Fixes optimizer bug where automatic table creation in inline anchors fails because rules are now loaded after optimization and no transaction has been opened for the anchor. bug reported by Henrik Johansen ok henning dhartmei | Ryan Thomas McBride
2008-01-25 | Get rid of warning when compiling with OPT_DEBUG. | Ryan Thomas McBride
2007-12-05 | remove unused functions from tobias@ ok mcbride@ tobias@ | Charles Longeau
2007-11-27 | typos; ok jmc@ sys/dev/pci/pciide.c from naddy@ | Martynas Venckus
2007-11-13 | Bring back the number converter for 'set hostid'. I forgot to think about hex numbers when I removed it. OK deraadt@ | Marco Pfatschbacher
2007-11-12 | Remove space/tab compression function from lgetc() and replace it with a simple filter in the yylex() loop. The compression in lgetc() didn't happen for quoted strings, thus creating a regression when tabs were used in variables. Some testing by todd@ and pyr@ OK deraadt@ | Marco Pfatschbacher
2007-10-25 | Fix probability rules w/ numbers (e.g. probability 0.4). Add support for probabilities of 0% and 100%. With and OK deraadt@ | Marco Pfatschbacher
2007-10-24 | HW_PHYSMEM is unsigned yuck & ok henning@ | Peter Stromberg
2007-10-22 | sync with daemon parser code. ok deraadt@ | Pierre-Yves Ritschard
2007-10-22 | pfctl does not need file secrecy | Theo de Raadt
2007-10-16 | Allow unquoted numbers in variables. Change 'set hostid' to NUMBER and remove unneeded converter. Add '=' to allowed_to_end_number(x) to make varsets like 4=5 illegal. OK deraadt@ | Marco Pfatschbacher
2007-10-16 | in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). pointed out by mpf, discussed with pyr | Theo de Raadt
2007-10-15 | specifying int instead of just unsigned is better style | Theo de Raadt
2007-10-13 | support an include directive; file of course must also be "secure" like the main configuration file; ok henning | Theo de Raadt